/src/ndpi/src/lib/protocols/sflow.c
Line | Count | Source |
1 | | /* |
2 | | * sflow.c |
3 | | * |
4 | | * Copyright (C) 2011-26 - ntop.org |
5 | | * |
6 | | * nDPI is free software: you can redistribute it and/or modify |
7 | | * it under the terms of the GNU Lesser General Public License as published by |
8 | | * the Free Software Foundation, either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * nDPI is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public License |
17 | | * along with nDPI. If not, see <http://www.gnu.org/licenses/>. |
18 | | * |
19 | | */ |
20 | | |
21 | | #include "ndpi_protocol_ids.h" |
22 | | |
23 | | #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SFLOW |
24 | | |
25 | | #include "ndpi_api.h" |
26 | | #include "ndpi_private.h" |
27 | | |
28 | | static void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) |
29 | 1.02M | { |
30 | 1.02M | struct ndpi_packet_struct *packet = &ndpi_struct->packet; |
31 | | // const u_int8_t *packet_payload = packet->payload; |
32 | 1.02M | u_int32_t payload_len = packet->payload_packet_len; |
33 | | |
34 | 1.02M | NDPI_LOG_DBG(ndpi_struct, "search sflow\n"); |
35 | | |
36 | 1.02M | if((packet->udp != NULL) |
37 | 1.02M | && (payload_len >= 24) |
38 | | /* Version */ |
39 | 1.02M | && ntohl(get_u_int32_t(packet->payload, 0)) == 0x00000005 |
40 | | /* Agent Address type: IPv4 / IPv6 */ |
41 | 3.49k | && (ntohl(get_u_int32_t(packet->payload, 4)) == 0x00000001 || |
42 | 3.49k | ntohl(get_u_int32_t(packet->payload, 4)) == 0x00000002)) { |
43 | 2.78k | NDPI_LOG_INFO(ndpi_struct, "found (probably) sflow\n"); |
44 | 2.78k | if (flow->packet_counter >= 2) |
45 | 821 | { |
46 | 821 | NDPI_LOG_INFO(ndpi_struct, "found sflow\n"); |
47 | 821 | ndpi_set_detected_protocol(ndpi_struct, flow, |
48 | 821 | NDPI_PROTOCOL_SFLOW, |
49 | 821 | NDPI_PROTOCOL_UNKNOWN, |
50 | 821 | NDPI_CONFIDENCE_DPI); |
51 | 821 | } |
52 | 2.78k | return; |
53 | 2.78k | } |
54 | | |
55 | 1.02M | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
56 | 1.02M | } |
57 | | |
58 | | void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct) |
59 | 20.4k | { |
60 | 20.4k | ndpi_register_dissector("sFlow", ndpi_struct, |
61 | 20.4k | ndpi_search_sflow, |
62 | 20.4k | NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, |
63 | 20.4k | 1, NDPI_PROTOCOL_SFLOW); |
64 | 20.4k | } |
65 | | |